IP Cam Talk

Disabling Windows Updates: All or just video drivers?

SteveN1

Young grasshopper
Joined
Jun 16, 2019
Messages
38
Reaction score
5
Location
Singapore
The general recommendation when installing Blue Iris seems to be to disable both Windows 10 and Blue Iris automatic updates, and only update when you need a feature. Generally, good advice.

The wiki recommends disabling driver updates, not all updates. Is this still the recommended configuration? I can see how you would not want video drivers to be updated, and I have also found programs that stopped working, like VMware, when Windows tried its last mega-update, so a case could be made for disabling all of them, especially for a machine that has no Internet access except through a VPN.

Thoughts here? What are most people disabling, all updates or just the video drivers?
 

tahoebigah

n3wb
Joined
Apr 27, 2017
Messages
12
Reaction score
1
I let Windows 10 update automatically and I have never had an issue. If it's connected to the network it stays up to date.
 

IAmATeaf

Getting comfortable
Joined
Jan 13, 2019
Messages
714
Reaction score
349
Location
United Kingdom
I also have mine set to install updates but not automatically restart.

Isn’t disabling Windows updates in W10 something that’s quite difficult to do?
 

SteveN1

Young grasshopper
Joined
Jun 16, 2019
Messages
38
Reaction score
5
Location
Singapore
It used to be difficult, but with one of the recent updates it is easier to disable. I've heard from more than one source that disabling updates is good practice for a Blue Iris machine, and I've had updates break other software over the years too.
 

IAmATeaf

Getting comfortable
Joined
Jan 13, 2019
Messages
714
Reaction score
349
Location
United Kingdom
Don’t have access to my BI box at the mo but when I looked all I saw were options to delay updates?
 

Zanthexter

Getting the hang of it
Joined
Aug 5, 2016
Messages
81
Reaction score
33
Thoughts here? What are most people disabling, all updates or just the video drivers?
I wouldn't be comfortable disabling Windows updates on any system connected to the internet. Most are security related.

Blue Iris and video card drivers are a finicky mix. I erase and install Windows from scratch, update BIOS, etc., then manually update drivers as needed after that. I do not install the manufacturer update software. I disable Windows automatic driver updates: How to Disable Automatic Driver Downloads on Windows 10

Best advice for a reliable Blue Iris system is to dedicate the computer to only running Blue Iris. Don't use it for web browsing, or as your QuickBooks server. Just Blue Iris.

I've seen faaaar more problems caused by 3rd party stuff like printer drivers, antivirus software, and "utilities" than Windows Updates. Of course it does happen, but most of the time it's either a minor problem or only happens with a rare mix of equipment and/or software. The #1 source of problems with Windows is the users.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
995
Reaction score
270
especially for a machine that has no Internet access except through a VPN.
I am just curious how do you set it up to have no internet access except through a VPN? Right now dual NIC I have the second NIC hooked up to internet to connect through app (through VPN in router) but still has general internet access.
 

Mikk36

Young grasshopper
Joined
Aug 21, 2018
Messages
67
Reaction score
23
Location
Estonia
You can block all requests from the BI IP address in your router firewall.

For example, this is what's allowed for my IP cameras on my network (no rule -> no access, default is to block).
upload_2019-9-16_11-7-11.png
 

JNDATHP

Pulling my weight
Joined
Oct 16, 2018
Messages
267
Reaction score
184
Location
USA
If I block BI computer from Internet how do push messages get sent? I do use a VPN on our phones.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
995
Reaction score
270
If I block BI computer from Internet how do push messages get sent? I do use a VPN on our phones.
Yes, this was my question. It would be great to block all internet connections and only have BI allow for push notifications.

Port 123 NTP - is that for nettime @Mikk36 - I am not really sure what your pfsense firewall setting means?
 

Mikk36

Young grasshopper
Joined
Aug 21, 2018
Messages
67
Reaction score
23
Location
Estonia
Port 123 NTP - is that for nettime @Mikk36 - I am not really sure what your pfsense firewall setting means?
Network Time Protocol
My router hosts that service so that my cameras will always have the correct timestamp and they're synced.
upload_2019-9-18_8-56-24.png
If yours can't do NTP, you can always set the cameras to use an NTP service from the internet and only allow access to that specific service, for example. One option is to pick a server (specific IP) from ntppool.org. Or set up an NTP service on the Blue Iris machine.
 

JNDATHP

Pulling my weight
Joined
Oct 16, 2018
Messages
267
Reaction score
184
Location
USA
I have an NTP server that’s local.

My question still is if I block BI computer from Internet will push messages work?
 

Mikk36

Young grasshopper
Joined
Aug 21, 2018
Messages
67
Reaction score
23
Location
Estonia
I have an NTP server that’s local.

My question still is if I block BI computer from Internet will push messages work?
From the manual:
As the notification is sent via contact with either an Apple or Google web server, you must
ensure that the BlueIris.exe file has access through any firewall or other security software.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
995
Reaction score
270
Network Time Protocol
My router hosts that service so that my cameras will always have the correct timestamp and they're synced.
View attachment 47476
If yours can't do NTP, you can always set the cameras to use an NTP service from the internet and only allow access to that specific service, for example. One option is to pick a server (specific IP) from ntppool.org. Or set up an NTP service on the Blue Iris machine.
I did this:
Setting up NetTime Time Sync Tool on Windows 10

but had to enable this on Windows Firewall and wanted to see if it was safe?
Go to Inbound -> New Rule -> Port -> Select UDP -> Port 123 -> Allow the connection -> for Rule applies you can check Domain, Private and Public
 

Mikk36

Young grasshopper
Joined
Aug 21, 2018
Messages
67
Reaction score
23
Location
Estonia
Yes, NTP uses UDP port 123 for listening to connections and there's no way around it (well, yes, you can usually make it listen on another port instead of 123, but you still need to open that port up in the firewall inbound rule).
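
Added example, not part of any post in this thread: the inbound UDP 123 rule described above, created from an elevated PowerShell prompt but limited to the Private profile and to the camera subnet instead of Domain, Private and Public. The rule name and the 192.168.1.0/24 subnet are placeholders to replace with your own values.

```powershell
# Added example: inbound NTP rule for a Windows box serving time to cameras.
# Run from an elevated PowerShell prompt.
$ruleName     = 'NTP server (cameras only)'   # hypothetical rule name
$cameraSubnet = '192.168.1.0/24'              # placeholder: your camera subnet

# Remove an earlier copy so the script can be re-run without duplicates.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Allow UDP 123 in, but only on Private networks and only from the cameras.
New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound -Action Allow `
    -Protocol UDP -LocalPort 123 `
    -Profile Private `
    -RemoteAddress $cameraSubnet | Out-Null

# The rule only applies if the camera-facing NIC is classified as Private.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory

# Show what is actually open: profile, port and permitted source addresses.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    [pscustomobject]@{
        Name    = $_.DisplayName
        Profile = $_.Profile
        Port    = ($_ | Get-NetFirewallPortFilter).LocalPort
        Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```

If the camera NIC shows up as Public in the `Get-NetConnectionProfile` output, change its category rather than widening the rule to the Public profile.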
 

gawainxx

n3wb
Joined
Mar 7, 2018
Messages
26
Reaction score
0
I use a combination of policies and settings.
GUI Settings
- Receive updates for other products when you receive updates for Windows. (mainly so Defender gets updates).
- Delivery Optimization off

Policies
- Auto download and Install updates every Saturday at 9 PM
- Do not include drivers with Windows updates. (Driver updates usually create more issues for me than they solve)
- Do not adjust option to Install updates and shut down in start menu
- Semi Annual Channel, Defer Upgrade for 128 days. (Gives plenty of time for the bugs to be worked out in feature updates)
- Defer quality updates for 4 days (4 days is about the general time window it takes for MS to yank a problematic update).
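
Added example, not posted by anyone in this thread: the scheduling, driver-exclusion and deferral policies from the list above written as the Windows Update policy registry values, so security updates keep installing while drivers are left alone. The value names are the standard Windows Update policy values as far as this editor knows them; the channel and shut-down-menu policies are not covered here.

```powershell
# Added example: Windows Update policy values for a dedicated Blue Iris PC.
# Run from an elevated PowerShell prompt.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = Join-Path $wu 'AU'

# Create the policy keys only if missing, so existing values are kept.
foreach ($key in $wu, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# Helper (hypothetical name) that writes one DWORD policy value.
function Set-WuPolicy([string]$Path, [string]$Name, [int]$Value) {
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType DWord -Force | Out-Null
}

# Do not include drivers with Windows updates.
Set-WuPolicy $wu 'ExcludeWUDriversInQualityUpdate' 1

# Defer feature updates 128 days and quality updates 4 days.
Set-WuPolicy $wu 'DeferFeatureUpdates'             1
Set-WuPolicy $wu 'DeferFeatureUpdatesPeriodInDays' 128
Set-WuPolicy $wu 'DeferQualityUpdates'             1
Set-WuPolicy $wu 'DeferQualityUpdatesPeriodInDays' 4

# Auto download and install every Saturday at 9 PM.
Set-WuPolicy $au 'NoAutoUpdate'         0    # automatic updates stay on
Set-WuPolicy $au 'AUOptions'            4    # 4 = download and schedule install
Set-WuPolicy $au 'ScheduledInstallDay'  7    # 1 = Sunday ... 7 = Saturday
Set-WuPolicy $au 'ScheduledInstallTime' 21   # hour of day, 24-hour clock

# Read the values back to confirm what is configured.
Get-ItemProperty -Path $wu |
    Select-Object ExcludeWUDriversInQualityUpdate,
                  DeferFeatureUpdatesPeriodInDays,
                  DeferQualityUpdatesPeriodInDays
Get-ItemProperty -Path $au |
    Select-Object NoAutoUpdate, AUOptions,
                  ScheduledInstallDay, ScheduledInstallTime
```

On editions with the Group Policy editor, the same settings are found under Computer Configuration > Administrative Templates > Windows Components > Windows Update.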
 